Evaluating and Reducing Supply Chain Risk

Vikram Asnani of CyberGRX Says the Supply Chain Is a Top Concern

Attacks on software supply chains can be difficult to detect and devastating once one has occurred. But organizations can take steps to limit the risk from their suppliers, says Vikram Asnani, senior director of solution architecture with CyberGRX.

Third-party suppliers may send a certificate of assurance when questioned about their controls, but that's not good enough, Asnani says. The certificate is "just an attestation that someone has done it, and you're relying on that blindly," he says.

The biggest risks come from the long tail of suppliers that are likely never queried about their own cybersecurity practices. But there are detectable warning signs.

Asnani gives two examples: a supplier that has a patch management program in place but lacks visibility over all of its assets, or a supplier that has a SIEM but isn't collecting logs.

"Those are key red flags that people can quickly identify," Asnani says.

In this video interview with Information Security Media Group, Asnani discusses:

  • What risks organizations face from their supply chains;
  • How organizations can ensure suppliers are meeting baseline security controls;
  • Why potential supply chain security problems may be missed.

Asnani has 15 years of global experience assisting clients with risk management, cybersecurity strategy, third-party risk, cloud migration, business continuity and data privacy through advisory and managed services offerings, with a motto of using technology as an innovative solution for driving maturity. He is currently a solution architect for CyberGRX.

About the Author

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.
